mirror of
https://github.com/casdoor/casdoor.git
synced 2025-07-21 16:03:50 +08:00
Compare commits
17 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 2c3749820e | |||
| 0b17cb9746 | |||
| e2ce9ad625 | |||
| 64491abc64 | |||
| 934a8947c8 | |||
| 943edfb48b | |||
| 0d02b5e768 | |||
| ba8d0b5f46 | |||
| 973a1df6c2 | |||
| 05bfd3a3a3 | |||
| 69aa3c8a8b | |||
| a1b010a406 | |||
| 89e92cbd47 | |||
| d4c8193357 | |||
| 9b33800b4c | |||
| ec98785172 | |||
| 45dd4cc344 |
@ -26,6 +26,10 @@ func GetCaptchaProvider(captchaType string) CaptchaProvider {
|
||||
return NewDefaultCaptchaProvider()
|
||||
case "reCAPTCHA":
|
||||
return NewReCaptchaProvider()
|
||||
case "reCAPTCHA v2":
|
||||
return NewReCaptchaProvider()
|
||||
case "reCAPTCHA v3":
|
||||
return NewReCaptchaProvider()
|
||||
case "Aliyun Captcha":
|
||||
return NewAliyunCaptchaProvider()
|
||||
case "hCaptcha":
|
||||
|
||||
@ -78,6 +78,7 @@ type Application struct {
|
||||
EnableSamlCompress bool `json:"enableSamlCompress"`
|
||||
EnableSamlC14n10 bool `json:"enableSamlC14n10"`
|
||||
EnableSamlPostBinding bool `json:"enableSamlPostBinding"`
|
||||
UseEmailAsSamlNameId bool `json:"useEmailAsSamlNameId"`
|
||||
EnableWebAuthn bool `json:"enableWebAuthn"`
|
||||
EnableLinkWithEmail bool `json:"enableLinkWithEmail"`
|
||||
OrgChoiceMode string `json:"orgChoiceMode"`
|
||||
@ -531,7 +532,7 @@ func GetMaskedApplication(application *Application, userId string) *Application
|
||||
|
||||
providerItems := []*ProviderItem{}
|
||||
for _, providerItem := range application.Providers {
|
||||
if providerItem.Provider != nil && (providerItem.Provider.Category == "OAuth" || providerItem.Provider.Category == "Web3" || providerItem.Provider.Category == "Captcha") {
|
||||
if providerItem.Provider != nil && (providerItem.Provider.Category == "OAuth" || providerItem.Provider.Category == "Web3" || providerItem.Provider.Category == "Captcha" || providerItem.Provider.Category == "SAML") {
|
||||
providerItems = append(providerItems, providerItem)
|
||||
}
|
||||
}
|
||||
|
||||
@ -65,7 +65,11 @@ func NewSamlResponse(application *Application, user *User, host string, certific
|
||||
assertion.CreateAttr("IssueInstant", now)
|
||||
assertion.CreateElement("saml:Issuer").SetText(host)
|
||||
subject := assertion.CreateElement("saml:Subject")
|
||||
subject.CreateElement("saml:NameID").SetText(user.Name)
|
||||
nameIDValue := user.Name
|
||||
if application.UseEmailAsSamlNameId {
|
||||
nameIDValue = user.Email
|
||||
}
|
||||
subject.CreateElement("saml:NameID").SetText(nameIDValue)
|
||||
subjectConfirmation := subject.CreateElement("saml:SubjectConfirmation")
|
||||
subjectConfirmation.CreateAttr("Method", "urn:oasis:names:tc:SAML:2.0:cm:bearer")
|
||||
subjectConfirmationData := subjectConfirmation.CreateElement("saml:SubjectConfirmationData")
|
||||
@ -386,7 +390,7 @@ func GetSamlResponse(application *Application, user *User, samlRequest string, h
|
||||
}
|
||||
|
||||
// NewSamlResponse11 return a saml1.1 response(not 2.0)
|
||||
func NewSamlResponse11(user *User, requestID string, host string) (*etree.Element, error) {
|
||||
func NewSamlResponse11(application *Application, user *User, requestID string, host string) (*etree.Element, error) {
|
||||
samlResponse := &etree.Element{
|
||||
Space: "samlp",
|
||||
Tag: "Response",
|
||||
@ -430,7 +434,11 @@ func NewSamlResponse11(user *User, requestID string, host string) (*etree.Elemen
|
||||
// nameIdentifier inside subject
|
||||
nameIdentifier := subject.CreateElement("saml:NameIdentifier")
|
||||
// nameIdentifier.CreateAttr("Format", "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress")
|
||||
nameIdentifier.SetText(user.Name)
|
||||
if application.UseEmailAsSamlNameId {
|
||||
nameIdentifier.SetText(user.Email)
|
||||
} else {
|
||||
nameIdentifier.SetText(user.Name)
|
||||
}
|
||||
|
||||
// subjectConfirmation inside subject
|
||||
subjectConfirmation := subject.CreateElement("saml:SubjectConfirmation")
|
||||
@ -439,7 +447,11 @@ func NewSamlResponse11(user *User, requestID string, host string) (*etree.Elemen
|
||||
attributeStatement := assertion.CreateElement("saml:AttributeStatement")
|
||||
subjectInAttribute := attributeStatement.CreateElement("saml:Subject")
|
||||
nameIdentifierInAttribute := subjectInAttribute.CreateElement("saml:NameIdentifier")
|
||||
nameIdentifierInAttribute.SetText(user.Name)
|
||||
if application.UseEmailAsSamlNameId {
|
||||
nameIdentifierInAttribute.SetText(user.Email)
|
||||
} else {
|
||||
nameIdentifierInAttribute.SetText(user.Name)
|
||||
}
|
||||
|
||||
subjectConfirmationInAttribute := subjectInAttribute.CreateElement("saml:SubjectConfirmation")
|
||||
subjectConfirmationInAttribute.CreateElement("saml:ConfirmationMethod").SetText("urn:oasis:names:tc:SAML:1.0:cm:artifact")
|
||||
|
||||
@ -281,7 +281,7 @@ func GetValidationBySaml(samlRequest string, host string) (string, string, error
|
||||
return "", "", fmt.Errorf("the application for user %s is not found", userId)
|
||||
}
|
||||
|
||||
samlResponse, err := NewSamlResponse11(user, request.RequestID, host)
|
||||
samlResponse, err := NewSamlResponse11(application, user, request.RequestID, host)
|
||||
if err != nil {
|
||||
return "", "", err
|
||||
}
|
||||
|
||||
@ -18,16 +18,20 @@ import (
|
||||
"fmt"
|
||||
"strings"
|
||||
|
||||
"github.com/casdoor/casdoor/util"
|
||||
"github.com/golang-jwt/jwt/v4"
|
||||
)
|
||||
|
||||
type ClaimsStandard struct {
|
||||
*UserShort
|
||||
Gender string `json:"gender,omitempty"`
|
||||
TokenType string `json:"tokenType,omitempty"`
|
||||
Nonce string `json:"nonce,omitempty"`
|
||||
Scope string `json:"scope,omitempty"`
|
||||
Address OIDCAddress `json:"address,omitempty"`
|
||||
EmailVerified bool `json:"email_verified,omitempty"`
|
||||
PhoneNumber string `json:"phone_number,omitempty"`
|
||||
PhoneNumberVerified bool `json:"phone_number_verified,omitempty"`
|
||||
Gender string `json:"gender,omitempty"`
|
||||
TokenType string `json:"tokenType,omitempty"`
|
||||
Nonce string `json:"nonce,omitempty"`
|
||||
Scope string `json:"scope,omitempty"`
|
||||
Address OIDCAddress `json:"address,omitempty"`
|
||||
|
||||
jwt.RegisteredClaims
|
||||
}
|
||||
@ -43,12 +47,14 @@ func getStreetAddress(user *User) string {
|
||||
func getStandardClaims(claims Claims) ClaimsStandard {
|
||||
res := ClaimsStandard{
|
||||
UserShort: getShortUser(claims.User),
|
||||
EmailVerified: claims.User.EmailVerified,
|
||||
TokenType: claims.TokenType,
|
||||
Nonce: claims.Nonce,
|
||||
Scope: claims.Scope,
|
||||
RegisteredClaims: claims.RegisteredClaims,
|
||||
}
|
||||
|
||||
res.Phone = ""
|
||||
var scopes []string
|
||||
|
||||
if strings.Contains(claims.Scope, ",") {
|
||||
@ -62,6 +68,15 @@ func getStandardClaims(claims Claims) ClaimsStandard {
|
||||
res.Address = OIDCAddress{StreetAddress: getStreetAddress(claims.User)}
|
||||
} else if scope == "profile" {
|
||||
res.Gender = claims.User.Gender
|
||||
} else if scope == "phone" && claims.User.Phone != "" {
|
||||
res.PhoneNumberVerified = true
|
||||
phoneNumber, ok := util.GetE164Number(claims.User.Phone, claims.User.CountryCode)
|
||||
if !ok {
|
||||
res.PhoneNumberVerified = false
|
||||
} else {
|
||||
res.PhoneNumber = phoneNumber
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -950,7 +950,17 @@ func DeleteUser(user *User) (bool, error) {
|
||||
return false, err
|
||||
}
|
||||
|
||||
return deleteUser(user)
|
||||
organization, err := GetOrganizationByUser(user)
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
if organization != nil && organization.EnableSoftDeletion {
|
||||
user.IsDeleted = true
|
||||
user.DeletedTime = util.GetCurrentTime()
|
||||
return UpdateUser(user.GetId(), user, []string{"is_deleted", "deleted_time"}, false)
|
||||
} else {
|
||||
return deleteUser(user)
|
||||
}
|
||||
}
|
||||
|
||||
func GetUserInfo(user *User, scope string, aud string, host string) (*Userinfo, error) {
|
||||
|
||||
@ -271,113 +271,213 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str
|
||||
|
||||
if oldUser.Owner != newUser.Owner {
|
||||
item := GetAccountItemByName("Organization", organization)
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
if item == nil {
|
||||
newUser.Owner = oldUser.Owner
|
||||
} else {
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
}
|
||||
}
|
||||
if oldUser.Name != newUser.Name {
|
||||
item := GetAccountItemByName("Name", organization)
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
if item == nil {
|
||||
newUser.Name = oldUser.Name
|
||||
} else {
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
}
|
||||
}
|
||||
if oldUser.Id != newUser.Id {
|
||||
item := GetAccountItemByName("ID", organization)
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
if item == nil {
|
||||
newUser.Id = oldUser.Id
|
||||
} else {
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
}
|
||||
}
|
||||
if oldUser.DisplayName != newUser.DisplayName {
|
||||
item := GetAccountItemByName("Display name", organization)
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
if item == nil {
|
||||
newUser.DisplayName = oldUser.DisplayName
|
||||
} else {
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
}
|
||||
}
|
||||
if oldUser.Avatar != newUser.Avatar {
|
||||
item := GetAccountItemByName("Avatar", organization)
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
if item == nil {
|
||||
newUser.Avatar = oldUser.Avatar
|
||||
} else {
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
}
|
||||
}
|
||||
if oldUser.Type != newUser.Type {
|
||||
item := GetAccountItemByName("User type", organization)
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
if item == nil {
|
||||
newUser.Type = oldUser.Type
|
||||
} else {
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
}
|
||||
}
|
||||
// The password is *** when not modified
|
||||
if oldUser.Password != newUser.Password && newUser.Password != "***" {
|
||||
item := GetAccountItemByName("Password", organization)
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
if item == nil {
|
||||
newUser.Password = oldUser.Password
|
||||
} else {
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
}
|
||||
}
|
||||
if oldUser.Email != newUser.Email {
|
||||
item := GetAccountItemByName("Email", organization)
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
if item == nil {
|
||||
newUser.Email = oldUser.Email
|
||||
} else {
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
}
|
||||
}
|
||||
if oldUser.Phone != newUser.Phone {
|
||||
item := GetAccountItemByName("Phone", organization)
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
if item == nil {
|
||||
newUser.Phone = oldUser.Phone
|
||||
} else {
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
}
|
||||
}
|
||||
if oldUser.CountryCode != newUser.CountryCode {
|
||||
item := GetAccountItemByName("Country code", organization)
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
if item == nil {
|
||||
newUser.CountryCode = oldUser.CountryCode
|
||||
} else {
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
}
|
||||
}
|
||||
if oldUser.Region != newUser.Region {
|
||||
item := GetAccountItemByName("Country/Region", organization)
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
if item == nil {
|
||||
newUser.Region = oldUser.Region
|
||||
} else {
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
}
|
||||
}
|
||||
if oldUser.Location != newUser.Location {
|
||||
item := GetAccountItemByName("Location", organization)
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
if item == nil {
|
||||
newUser.Location = oldUser.Location
|
||||
} else {
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
}
|
||||
}
|
||||
if oldUser.Affiliation != newUser.Affiliation {
|
||||
item := GetAccountItemByName("Affiliation", organization)
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
if item == nil {
|
||||
newUser.Affiliation = oldUser.Affiliation
|
||||
} else {
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
}
|
||||
}
|
||||
if oldUser.Title != newUser.Title {
|
||||
item := GetAccountItemByName("Title", organization)
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
if item == nil {
|
||||
newUser.Title = oldUser.Title
|
||||
} else {
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
}
|
||||
}
|
||||
if oldUser.Homepage != newUser.Homepage {
|
||||
item := GetAccountItemByName("Homepage", organization)
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
if item == nil {
|
||||
newUser.Homepage = oldUser.Homepage
|
||||
} else {
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
}
|
||||
}
|
||||
if oldUser.Bio != newUser.Bio {
|
||||
item := GetAccountItemByName("Bio", organization)
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
if item == nil {
|
||||
newUser.Bio = oldUser.Bio
|
||||
} else {
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
}
|
||||
}
|
||||
if oldUser.Tag != newUser.Tag {
|
||||
item := GetAccountItemByName("Tag", organization)
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
if item == nil {
|
||||
newUser.Tag = oldUser.Tag
|
||||
} else {
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
}
|
||||
}
|
||||
if oldUser.SignupApplication != newUser.SignupApplication {
|
||||
item := GetAccountItemByName("Signup application", organization)
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
if item == nil {
|
||||
newUser.SignupApplication = oldUser.SignupApplication
|
||||
} else {
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
}
|
||||
}
|
||||
|
||||
if oldUser.Gender != newUser.Gender {
|
||||
item := GetAccountItemByName("Gender", organization)
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
if item == nil {
|
||||
newUser.Gender = oldUser.Gender
|
||||
} else {
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
}
|
||||
}
|
||||
|
||||
if oldUser.Birthday != newUser.Birthday {
|
||||
item := GetAccountItemByName("Birthday", organization)
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
if item == nil {
|
||||
newUser.Birthday = oldUser.Birthday
|
||||
} else {
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
}
|
||||
}
|
||||
|
||||
if oldUser.Education != newUser.Education {
|
||||
item := GetAccountItemByName("Education", organization)
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
if item == nil {
|
||||
newUser.Education = oldUser.Education
|
||||
} else {
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
}
|
||||
}
|
||||
|
||||
if oldUser.IdCard != newUser.IdCard {
|
||||
item := GetAccountItemByName("ID card", organization)
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
if item == nil {
|
||||
newUser.IdCard = oldUser.IdCard
|
||||
} else {
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
}
|
||||
}
|
||||
|
||||
if oldUser.IdCardType != newUser.IdCardType {
|
||||
item := GetAccountItemByName("ID card type", organization)
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
if item == nil {
|
||||
newUser.IdCardType = oldUser.IdCardType
|
||||
} else {
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
}
|
||||
}
|
||||
|
||||
oldUserPropertiesJson, _ := json.Marshal(oldUser.Properties)
|
||||
newUserPropertiesJson, _ := json.Marshal(newUser.Properties)
|
||||
if string(oldUserPropertiesJson) != string(newUserPropertiesJson) {
|
||||
item := GetAccountItemByName("Properties", organization)
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
if item == nil {
|
||||
newUser.Properties = oldUser.Properties
|
||||
} else {
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
}
|
||||
}
|
||||
|
||||
if oldUser.PreferredMfaType != newUser.PreferredMfaType {
|
||||
item := GetAccountItemByName("Multi-factor authentication", organization)
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
if item == nil {
|
||||
newUser.PreferredMfaType = oldUser.PreferredMfaType
|
||||
} else {
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
}
|
||||
}
|
||||
|
||||
if oldUser.Groups == nil {
|
||||
@ -390,7 +490,11 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str
|
||||
newUserGroupsJson, _ := json.Marshal(newUser.Groups)
|
||||
if string(oldUserGroupsJson) != string(newUserGroupsJson) {
|
||||
item := GetAccountItemByName("Groups", organization)
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
if item == nil {
|
||||
newUser.Groups = oldUser.Groups
|
||||
} else {
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
}
|
||||
}
|
||||
|
||||
if oldUser.Address == nil {
|
||||
@ -404,65 +508,117 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str
|
||||
newUserAddressJson, _ := json.Marshal(newUser.Address)
|
||||
if string(oldUserAddressJson) != string(newUserAddressJson) {
|
||||
item := GetAccountItemByName("Address", organization)
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
if item == nil {
|
||||
newUser.Address = oldUser.Address
|
||||
} else {
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
}
|
||||
}
|
||||
|
||||
if newUser.FaceIds != nil {
|
||||
item := GetAccountItemByName("Face ID", organization)
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
if item == nil {
|
||||
newUser.FaceIds = oldUser.FaceIds
|
||||
} else {
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
}
|
||||
}
|
||||
|
||||
if oldUser.IsAdmin != newUser.IsAdmin {
|
||||
item := GetAccountItemByName("Is admin", organization)
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
if item == nil {
|
||||
newUser.IsAdmin = oldUser.IsAdmin
|
||||
} else {
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
}
|
||||
}
|
||||
|
||||
if oldUser.IsForbidden != newUser.IsForbidden {
|
||||
item := GetAccountItemByName("Is forbidden", organization)
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
if item == nil {
|
||||
newUser.IsForbidden = oldUser.IsForbidden
|
||||
} else {
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
}
|
||||
}
|
||||
if oldUser.IsDeleted != newUser.IsDeleted {
|
||||
item := GetAccountItemByName("Is deleted", organization)
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
if item == nil {
|
||||
newUser.IsDeleted = oldUser.IsDeleted
|
||||
} else {
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
}
|
||||
}
|
||||
if oldUser.NeedUpdatePassword != newUser.NeedUpdatePassword {
|
||||
item := GetAccountItemByName("Need update password", organization)
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
if item == nil {
|
||||
newUser.NeedUpdatePassword = oldUser.NeedUpdatePassword
|
||||
} else {
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
}
|
||||
}
|
||||
|
||||
if oldUser.Balance != newUser.Balance {
|
||||
item := GetAccountItemByName("Balance", organization)
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
if item == nil {
|
||||
newUser.Balance = oldUser.Balance
|
||||
} else {
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
}
|
||||
}
|
||||
|
||||
if oldUser.Score != newUser.Score {
|
||||
item := GetAccountItemByName("Score", organization)
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
if item == nil {
|
||||
newUser.Score = oldUser.Score
|
||||
} else {
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
}
|
||||
}
|
||||
|
||||
if oldUser.Karma != newUser.Karma {
|
||||
item := GetAccountItemByName("Karma", organization)
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
if item == nil {
|
||||
newUser.Karma = oldUser.Karma
|
||||
} else {
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
}
|
||||
}
|
||||
|
||||
if oldUser.Language != newUser.Language {
|
||||
item := GetAccountItemByName("Language", organization)
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
if item == nil {
|
||||
newUser.Language = oldUser.Language
|
||||
} else {
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
}
|
||||
}
|
||||
|
||||
if oldUser.Ranking != newUser.Ranking {
|
||||
item := GetAccountItemByName("Ranking", organization)
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
if item == nil {
|
||||
newUser.Ranking = oldUser.Ranking
|
||||
} else {
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
}
|
||||
}
|
||||
|
||||
if oldUser.Currency != newUser.Currency {
|
||||
item := GetAccountItemByName("Currency", organization)
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
if item == nil {
|
||||
newUser.Currency = oldUser.Currency
|
||||
} else {
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
}
|
||||
}
|
||||
|
||||
if oldUser.Hash != newUser.Hash {
|
||||
item := GetAccountItemByName("Hash", organization)
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
if item == nil {
|
||||
newUser.Hash = oldUser.Hash
|
||||
} else {
|
||||
itemsChanged = append(itemsChanged, item)
|
||||
}
|
||||
}
|
||||
|
||||
for _, accountItem := range itemsChanged {
|
||||
|
||||
@ -16,6 +16,7 @@ package routers
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"strings"
|
||||
|
||||
"github.com/beego/beego/context"
|
||||
"github.com/casdoor/casdoor/object"
|
||||
@ -23,6 +24,10 @@ import (
|
||||
)
|
||||
|
||||
func AutoSigninFilter(ctx *context.Context) {
|
||||
urlPath := ctx.Request.URL.Path
|
||||
if strings.HasPrefix(urlPath, "/api/login/oauth/access_token") {
|
||||
return
|
||||
}
|
||||
//if getSessionUser(ctx) != "" {
|
||||
// return
|
||||
//}
|
||||
|
||||
@ -48,6 +48,10 @@ func CorsFilter(ctx *context.Context) {
|
||||
originHostname := getHostname(origin)
|
||||
host := removePort(ctx.Request.Host)
|
||||
|
||||
if origin == "null" {
|
||||
origin = ""
|
||||
}
|
||||
|
||||
if strings.HasPrefix(origin, "http://localhost") || strings.HasPrefix(origin, "https://localhost") || strings.HasPrefix(origin, "http://127.0.0.1") || strings.HasPrefix(origin, "http://casdoor-app") || strings.Contains(origin, ".chromiumapp.org") {
|
||||
setCorsHeaders(ctx, origin)
|
||||
return
|
||||
|
||||
@ -58,7 +58,7 @@ func fastAutoSignin(ctx *context.Context) (string, error) {
|
||||
redirectUri := ctx.Input.Query("redirect_uri")
|
||||
scope := ctx.Input.Query("scope")
|
||||
state := ctx.Input.Query("state")
|
||||
nonce := ""
|
||||
nonce := ctx.Input.Query("nonce")
|
||||
codeChallenge := ctx.Input.Query("code_challenge")
|
||||
if clientId == "" || responseType != "code" || redirectUri == "" {
|
||||
return "", nil
|
||||
|
||||
@ -703,6 +703,16 @@ class ApplicationEditPage extends React.Component {
|
||||
}} />
|
||||
</Col>
|
||||
</Row>
|
||||
<Row style={{marginTop: "20px"}}>
|
||||
<Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 19 : 2}>
|
||||
{Setting.getLabel(i18next.t("application:Use Email as NameID"), i18next.t("application:Use Email as NameID - Tooltip"))} :
|
||||
</Col>
|
||||
<Col span={1}>
|
||||
<Switch checked={this.state.application.useEmailAsSamlNameId} onChange={checked => {
|
||||
this.updateApplicationField("useEmailAsSamlNameId", checked);
|
||||
}} />
|
||||
</Col>
|
||||
</Row>
|
||||
<Row style={{marginTop: "20px"}} >
|
||||
<Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 19 : 2}>
|
||||
{Setting.getLabel(i18next.t("application:Enable SAML POST binding"), i18next.t("application:Enable SAML POST binding - Tooltip"))} :
|
||||
|
||||
@ -288,14 +288,14 @@ class CertEditPage extends React.Component {
|
||||
Setting.showMessage("success", i18next.t("general:Successfully saved"));
|
||||
this.setState({
|
||||
certName: this.state.cert.name,
|
||||
}, () => {
|
||||
if (exitAfterSave) {
|
||||
this.props.history.push("/certs");
|
||||
} else {
|
||||
this.props.history.push(`/certs/${this.state.cert.owner}/${this.state.cert.name}`);
|
||||
this.getCert();
|
||||
}
|
||||
});
|
||||
|
||||
if (exitAfterSave) {
|
||||
this.props.history.push("/certs");
|
||||
} else {
|
||||
this.props.history.push(`/certs/${this.state.cert.owner}/${this.state.cert.name}`);
|
||||
this.getCert();
|
||||
}
|
||||
} else {
|
||||
Setting.showMessage("error", `${i18next.t("general:Failed to save")}: ${res.msg}`);
|
||||
this.updateCertField("name", this.state.certName);
|
||||
|
||||
@ -287,6 +287,14 @@ export const OtherProviderInfo = {
|
||||
logo: `${StaticBaseUrl}/img/social_recaptcha.png`,
|
||||
url: "https://www.google.com/recaptcha",
|
||||
},
|
||||
"reCAPTCHA v2": {
|
||||
logo: `${StaticBaseUrl}/img/social_recaptcha.png`,
|
||||
url: "https://www.google.com/recaptcha",
|
||||
},
|
||||
"reCAPTCHA v3": {
|
||||
logo: `${StaticBaseUrl}/img/social_recaptcha.png`,
|
||||
url: "https://www.google.com/recaptcha",
|
||||
},
|
||||
"hCaptcha": {
|
||||
logo: `${StaticBaseUrl}/img/social_hcaptcha.png`,
|
||||
url: "https://www.hcaptcha.com",
|
||||
@ -1088,7 +1096,8 @@ export function getProviderTypeOptions(category) {
|
||||
} else if (category === "Captcha") {
|
||||
return ([
|
||||
{id: "Default", name: "Default"},
|
||||
{id: "reCAPTCHA", name: "reCAPTCHA"},
|
||||
{id: "reCAPTCHA v2", name: "reCAPTCHA v2"},
|
||||
{id: "reCAPTCHA v3", name: "reCAPTCHA v3"},
|
||||
{id: "hCaptcha", name: "hCaptcha"},
|
||||
{id: "Aliyun Captcha", name: "Aliyun Captcha"},
|
||||
{id: "GEETEST", name: "GEETEST"},
|
||||
|
||||
@ -434,10 +434,9 @@ class SyncerEditPage extends React.Component {
|
||||
{Setting.getLabel(i18next.t("syncer:Table"), i18next.t("syncer:Table - Tooltip"))} :
|
||||
</Col>
|
||||
<Col span={22} >
|
||||
<Input value={this.state.syncer.table}
|
||||
disabled={this.state.syncer.type === "Keycloak"} onChange={e => {
|
||||
this.updateSyncerField("table", e.target.value);
|
||||
}} />
|
||||
<Input value={this.state.syncer.table} onChange={e => {
|
||||
this.updateSyncerField("table", e.target.value);
|
||||
}} />
|
||||
</Col>
|
||||
</Row>
|
||||
<Row style={{marginTop: "20px"}} >
|
||||
|
||||
@ -1050,6 +1050,13 @@ class UserEditPage extends React.Component {
|
||||
<MfaAccountTable
|
||||
title={i18next.t("user:MFA accounts")}
|
||||
table={this.state.user.mfaAccounts}
|
||||
qrUrl={
|
||||
"casdoor-app://login/into?serverUrl=" + window.location.origin +
|
||||
"&clientId=" + this.state.application.clientId +
|
||||
"&organizationName=" + this.state.organizationName +
|
||||
"&appName=" + this.state.user.signupApplication
|
||||
}
|
||||
icon={this.state.user.avatar}
|
||||
onUpdateTable={(table) => {this.updateUserField("mfaAccounts", table);}}
|
||||
/>
|
||||
</Col>
|
||||
|
||||
@ -34,25 +34,42 @@ class CasLogout extends React.Component {
|
||||
|
||||
UNSAFE_componentWillMount() {
|
||||
const params = new URLSearchParams(this.props.location.search);
|
||||
const logoutInterval = 100;
|
||||
|
||||
const logoutTimeOut = (redirectUri) => {
|
||||
setTimeout(() => {
|
||||
AuthBackend.getAccount().then((accountRes) => {
|
||||
if (accountRes.status === "ok") {
|
||||
AuthBackend.logout().then((logoutRes) => {
|
||||
if (logoutRes.status === "ok") {
|
||||
logoutTimeOut(logoutRes.data2);
|
||||
} else {
|
||||
Setting.showMessage("error", `${i18next.t("login:Failed to log out")}: ${logoutRes.msg}`);
|
||||
}
|
||||
});
|
||||
} else {
|
||||
Setting.showMessage("success", i18next.t("application:Logged out successfully"));
|
||||
this.props.onUpdateAccount(null);
|
||||
if (redirectUri !== null && redirectUri !== undefined && redirectUri !== "") {
|
||||
Setting.goToLink(redirectUri);
|
||||
} else if (params.has("service")) {
|
||||
Setting.goToLink(params.get("service"));
|
||||
} else {
|
||||
Setting.goToLinkSoft(this, `/cas/${this.state.owner}/${this.state.applicationName}/login`);
|
||||
}
|
||||
}
|
||||
});
|
||||
}, logoutInterval);
|
||||
};
|
||||
|
||||
AuthBackend.logout()
|
||||
.then((res) => {
|
||||
if (res.status === "ok") {
|
||||
Setting.showMessage("success", "Logged out successfully");
|
||||
this.props.onUpdateAccount(null);
|
||||
const redirectUri = res.data2;
|
||||
if (redirectUri !== null && redirectUri !== undefined && redirectUri !== "") {
|
||||
Setting.goToLink(redirectUri);
|
||||
} else if (params.has("service")) {
|
||||
Setting.goToLink(params.get("service"));
|
||||
} else {
|
||||
Setting.goToLinkSoft(this, `/cas/${this.state.owner}/${this.state.applicationName}/login`);
|
||||
}
|
||||
logoutTimeOut(res.data2);
|
||||
} else {
|
||||
Setting.showMessage("error", `Failed to log out: ${res.msg}`);
|
||||
Setting.showMessage("error", `${i18next.t("login:Failed to log out")}: ${res.msg}`);
|
||||
}
|
||||
});
|
||||
|
||||
}
|
||||
|
||||
render() {
|
||||
|
||||
@ -27,7 +27,8 @@ export const CaptchaWidget = (props) => {
|
||||
|
||||
useEffect(() => {
|
||||
switch (captchaType) {
|
||||
case "reCAPTCHA": {
|
||||
case "reCAPTCHA" :
|
||||
case "reCAPTCHA v2": {
|
||||
const reTimer = setInterval(() => {
|
||||
if (!window.grecaptcha) {
|
||||
loadScript("https://recaptcha.net/recaptcha/api.js");
|
||||
@ -42,6 +43,32 @@ export const CaptchaWidget = (props) => {
|
||||
}, 300);
|
||||
break;
|
||||
}
|
||||
case "reCAPTCHA v3": {
|
||||
const reTimer = setInterval(() => {
|
||||
if (!window.grecaptcha) {
|
||||
loadScript(`https://recaptcha.net/recaptcha/api.js?render=${siteKey}`);
|
||||
}
|
||||
if (window.grecaptcha && window.grecaptcha.render) {
|
||||
const clientId = window.grecaptcha.render("captcha", {
|
||||
"sitekey": siteKey,
|
||||
"badge": "inline",
|
||||
"size": "invisible",
|
||||
"callback": onChange,
|
||||
"error-callback": function() {
|
||||
const logoWidth = `${document.getElementById("captcha").offsetWidth + 40}px`;
|
||||
document.getElementsByClassName("grecaptcha-logo")[0].firstChild.style.width = logoWidth;
|
||||
document.getElementsByClassName("grecaptcha-badge")[0].style.width = logoWidth;
|
||||
},
|
||||
});
|
||||
|
||||
window.grecaptcha.ready(function() {
|
||||
window.grecaptcha.execute(clientId, {action: "submit"});
|
||||
});
|
||||
clearInterval(reTimer);
|
||||
}
|
||||
}, 300);
|
||||
break;
|
||||
}
|
||||
case "hCaptcha": {
|
||||
const hTimer = setInterval(() => {
|
||||
if (!window.hcaptcha) {
|
||||
|
||||
@ -115,7 +115,7 @@ export const CaptchaModal = (props) => {
|
||||
} else {
|
||||
return (
|
||||
<Col>
|
||||
<Row>
|
||||
<Row justify={"center"}>
|
||||
<CaptchaWidget
|
||||
captchaType={captchaType}
|
||||
subType={subType}
|
||||
|
||||
@ -14,7 +14,7 @@
|
||||
|
||||
import React from "react";
|
||||
import {DeleteOutlined, DownOutlined, UpOutlined} from "@ant-design/icons";
|
||||
import {Button, Col, Image, Input, Row, Table, Tooltip} from "antd";
|
||||
import {Button, Col, Image, Input, Popover, QRCode, Row, Table, Tooltip} from "antd";
|
||||
import * as Setting from "../Setting";
|
||||
import i18next from "i18next";
|
||||
|
||||
@ -23,6 +23,8 @@ class MfaAccountTable extends React.Component {
|
||||
super(props);
|
||||
this.state = {
|
||||
classes: props,
|
||||
qrUrl: this.props.qrUrl,
|
||||
icon: this.props.icon,
|
||||
mfaAccounts: this.props.table !== null ? this.props.table.map((item, index) => {
|
||||
item.key = index;
|
||||
return item;
|
||||
@ -158,6 +160,15 @@ class MfaAccountTable extends React.Component {
|
||||
<div>
|
||||
{this.props.title}
|
||||
<Button style={{marginRight: "5px"}} type="primary" size="small" onClick={() => this.addRow(table)}>{i18next.t("general:Add")}</Button>
|
||||
<Popover trigger="focus" content={
|
||||
<QRCode
|
||||
value={this.state.qrUrl}
|
||||
icon={this.state.icon}
|
||||
bordered={false}
|
||||
/>
|
||||
}>
|
||||
<Button style={{marginLeft: "5px"}} type="primary" size="small">{i18next.t("general:QR Code")}</Button>
|
||||
</Popover>
|
||||
</div>
|
||||
)}
|
||||
/>
|
||||
|
||||
Reference in New Issue
Block a user